A system and method for providing cybersecurity incident response utilizing a large language model. The method includes: mapping a received incident input into a scenario of a plurality of scenarios, each scenario including a plurality of sub-scenarios; generating a query based on the received incident input and a selection of a sub-scenario of the plurality of sub-scenarios; executing the query on a security database, the security database including a representation of the computing environment; and initiating a mitigation action based on a result of the executed query.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
2. The method of claim 1, wherein the incident input includes any one of: a query, a statement, and a combination thereof.
The invention relates to natural language processing systems designed to handle diverse forms of textual input. The core problem addressed is the limitation of existing systems that process only specific types of input, such as queries or statements, without flexibility to adapt to mixed or varied input formats. This restricts the system's ability to provide accurate and contextually relevant responses. The method involves a processing system that accepts an incident input, which can be a query, a statement, or a combination of both. The system analyzes the input to determine its type and context, then generates an appropriate response based on the identified input characteristics. For example, if the input is a query, the system retrieves relevant information or answers the question. If the input is a statement, the system may acknowledge, confirm, or provide follow-up information. When the input is a combination, the system processes each component separately or in an integrated manner to ensure coherence in the response. This approach enhances the system's versatility, allowing it to handle a broader range of user interactions without requiring separate processing pipelines for different input types. The method improves user experience by providing consistent and context-aware responses regardless of the input format.
3. The method of claim 1, wherein the LLM is trained on any one of: a data schema utilized in representing the computing environment, incident data classified to a scenario, the plurality of scenarios, and a combination thereof.
The invention relates to training a large language model (LLM) for use in computing environments, particularly for incident management and scenario-based problem-solving. The core problem addressed is the need for an LLM to effectively understand and process structured data, incident classifications, and predefined scenarios to improve decision-making and automation in computing environments. The LLM is trained on a combination of data schemas, incident data, and predefined scenarios. The data schema represents the structure of the computing environment, including relationships between components and their attributes. Incident data is classified into specific scenarios, which are predefined situations or patterns that the LLM can recognize and respond to. The training process involves exposing the LLM to these elements, allowing it to learn how to interpret and act upon them. By training on these inputs, the LLM can better analyze incidents, correlate them with known scenarios, and generate appropriate responses or recommendations. This approach enhances the model's ability to handle complex, real-world computing issues by leveraging structured knowledge and historical incident data. The result is a more accurate and context-aware system for managing incidents in dynamic computing environments.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
January 31, 2024
June 4, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.